Until biometric standards are developed, passwords should be retained
Biometric technologies offer many advantages, but until universal standards are set, the use of passwords should not be abandoned; the permanence of biometric characteristics creates a situation in which if someone were to intercept or hack one’s biometric data, a person’s entire livelihood would be at stake, as opposed to a simple password change
Liam Terblanche, chief information officer at Accsys, a national supplier of payroll, HR, and access control solutions, suggests that without an infrastructure biometric companies can standardize their products by, written passwords will still be needed.
Terblanche argues this mainly because of the threat biometrics pose when used as the only safeguard for identity and access management technologies. The problem right now, he argues, is the “permanence of biometric characteristics,” in that if someone were to intercept or hack this data, a person’s entire livelihood would be at stake, as opposed to a simple password change.
As John Sileo, identity theft expert and author of Privacy Means Profit (Wiley, August 2010), was quoted in a Homeland Security NewsWire article last month (“The promise, and risks, of battlefield biometrics, 11 August 2010 HSNW) as saying that “…data breaches have and will continue to occur. People must realize that biometric data is no different from any other type of information once entered into a database — the problem is that nobody has proven they can really protect these invaluable assets.”
The considerable push in the industry to implement biometric security seems to overlook a certain few biological complexities, such as the case for those with Glaucoma and other eye defects that would invalidate any type of iris-scan, making the practice non-universal. There are cultural hurdles to overcome as well if considering a universal method of attaining biometric information. Facial concealment, as is common practice by many Muslim women that wear Hijābs or Niqābs, would make scanning operations diffcult if not impossible.
Terblanche comments on the creative ways people are using biometric data to beat the system. Human resource environments are now dealing with “buddy clocking,” which is the fraudulent practice of “clocking-in,” or aiding an acquaintance in creating the illusion of workplace attendance by using their biometric data.
Considering the ease and scalability biometric wares have to offer, decision makers in the industry should agree to establish a universal system on which to base their developing technologies.